Are there any legal or privacy concerns when using Usage Intelligence?
Flexera respects end-user privacy and encourages software vendors to do the same. All data collected by Flexera is anonymous and we do not store any IP addresses on our servers. Users are identified only through the use of a unique client/installation ID generated automatically by the Usage Intelligence SDK during the first program execution. Flexera does not collect any personally identifiable information from end-users.
The type of data collected by Flexera can be controlled by the software vendor/developer and is limited to:
- Platform/Architecture data where your product is running such as OS, language, CPU, memory, resolution, etc.
- Product & Feature Usage data such as when your product was run, and which features were used.
- Other information related to your product version/edition/build number and license key.
Collecting Data Using Custom Properties or Custom Events
If you are making use of Usage Intelligence's advanced features to collect custom data, then you have the ability to collect custom strings of your choice. Flexera has no control on what this data might contain so it is your responsibility on what type of data you collect via this functionality. It is also recommended that you ask permission from your users before collecting any data that might not be totally anonymous.
If you would like to learn more about how Flexera is GDPR compliant and how you can fulfill your GDPR obligations when using the usage intelligence platform, please read our GDPR compliance KB article.
We always recommend that you include an entry in your product EULA to state that you will be collecting anonymous data which you will use legitimately. It is also your legal responsibility as a software developer to inform your users about any data that is being collected from their machines, both through Flexera or otherwise. Whether or not you want to provide a means for your users to turn on/off tracking is your business decision and dependent on the agreement you have with your customers.
Sample EULA wording
Flexera does not provide the legal wording to use within your EULA, since this usually depends on the type of contract/agreement you have with your customers and the legislation of the country where you are established. However common EULA wording would be something along these lines:
"We are continually seeking to develop and enhance the products and services we offer to our customers. To facilitate this process it is helpful for us to collect information related to how customers use our software. By installing and using our products, you are agreeing to participate in our CEIP (Customer Experience Improvement Program) whereby you are granting us permission to collect, maintain, process and use analytics data related to your use of our Software. All the data we collect is anonymous and we do not store any IP addresses or personally identifiable information.
For the purpose of the CEIP, we may rely on third party analytics services to collect and process this data and such data is stored and processed on servers located in EU and USA. Should you wish to not participate in our CEIP, please contact support for instructions on how to disable tracking within the software."
NOTE: The above text is only intended as a guide and should be reviewed by a legal representative before using it in any legal documentation.
Providing Users with Opt-in or Opt-out Options
Should you need to cater for end-users who are sensitive on gathering ANY form of data from their machines, we suggest that you add an opt-out mechanism during installation/configuration or as a setting within your software. If a user chooses not to be tracked, then you can simply bypass the call(s) to the Usage Intelligence API.
More information on how to stay compliant with privacy laws in your region can be found in this blog post.